Skip to main content
Skyhigh Security

SOCKS Proxy Rule Set

The SOCKS Proxy rule set is a library rule set for filtering traffic that is going on under the SOCKS protocol.

Library rule set - SOCKS proxy
Criteria - Always
Cycles - Requests (and IM) and reponses

The rule set contains the following rules.

Filter traffic under the SOCKS protocol with filterable embedded protocol

ProtocolDetector.ProtocolFilterable <Protocol Detector Settings> equals true –> Stop Cycle — ProtocolDetector.ApplyFiltering

The rule uses the ProtocolDetector.ProtocolFilterable property to check whether the protocol that is embedded in the SOCKS traffic is filterable on Web Gateway. Filterable protocols are HTTP and HTTPS.

If either of these two protocols is detected, filtering is enabled by the rule event. If no embedded protocol is detected, the rule does not apply and processing continues with the second rule.

Block traffic under the SOCKS protocol if no embedded protocol is detected

ProtocolDetector.ProtocolFilterable <Protocol Detector Settings> equals " " –> Block <Default>

The rule blocks requests if no embedded protocol is detected.

Block traffic under the SOCKS protocol if detected protocol is not on whitelist

ProtocolDetector.DetectedProtocol <Protocol Detector Settings> is not in list Protocol Whitelist –> Block <Default>

The rule blocks requests if an embedded protocol is detected, but is not on a particular whitelist.

The rule is not enabled by default.

  • Was this article helpful?